If you’re running a convenience store or retail business, there’s a ticking clock you can’t afford to ignore—your card readers are about to expire. And no, it’s not just a software update. The Payment Card Industry (PCI) has set a firm deadline: April 30, 2026. After that, the payment devices many retailers rely on today will no longer meet the required security standards.
So, what does this mean for your business? It’s time to take a closer look and prepare because the consequences of inaction could cost you more than just a few missed sales.
Why This Matters: The PCI PTS 5.x Expiration
The Payment Card Industry sets strict standards to protect customer data, and the devices we use daily—PIN pads, card readers, contactless terminals—are all part of the equation. Right now, most convenience retailers are using devices built to comply with the PCI PTS 5.x standard, which will officially expire on April 30, 2026.
When that happens, your devices won’t stop working—but the risks go up and the support goes away.
Devices on the Chopping Block
There are dozens of devices impacted, but a few stand out as the most common in the convenience retail industry:
For the full list, head to the PCI Security Standards Council’s site.
What Happens After the Expiration Date?
Here’s the good news: come April 2026, your card readers won’t just stop working overnight. But the not-so-good news? You’ll be stepping into murky territory with limited support, no new updates, and serious security implications.
Let’s break it down:
1. No More Software Updates
Think about this like trying to use an old smartphone that can’t download the latest apps. After expiration, PIN Transaction Security (PTS) kernels won’t receive any additional updates or certifications. That means:
- New card types won’t be supported.
- Contactless payments could stop working as new formats roll out.
- Device vulnerabilities may never be patched.
2. Contactless Payments at Risk
When it comes to contactless, due to the timing of when the contactless kernel expires, some manufacturers are cutting off support for their devices even earlier – as early as December 2025. It is highly recommended that you reach out to the provider of your card readers to determine if you are impacted.
3. No More Deployments for New Stores
Planning a store opening or remodel in 2026? PCI rules mean you can’t deploy these outdated devices to new stores after April 2026. Even if you have extra units in stock, they won’t be considered compliant.
4. Inventory Dwindles Fast
Yes, you can use your current devices a while longer, but the closer we get to the deadline, replacements will be increasingly hard to source. Some vendors have already pulled 5.x devices from their catalogs. Once your inventory runs out, you may be stuck with no replacements and no support.
5. Security Red Flags
Operating on expired hardware? It’s risky business. You’ll want to bring in a Qualified Security Assessor (QSA) to review your situation. They can help you weigh the risks and ensure you’re meeting PCI requirements—even during a transition phase. A directory of qualified QSAs can be found on the PCI Security Standards Council site.
So… What Should You Do Now?
This isn’t a wait-and-see scenario. Getting ahead of the curve means fewer headaches down the line. Here’s your action plan:
✅ Start Planning Replacements Today
Work with your vendors now to secure updated devices and avoid the last-minute scramble.
✅ Know Your Options
Your vendor(s) can help you select the best device for your needs, but two standout replacements we have seen deployed include:
- Flexpay 6 (by GVR/Invenco)
- M425 (by Verifone)
Both are PCI PTS 6.x certified and designed to step in and easily replace expiring models.
✅ Coordinate with Your POS Provider
Make sure your point-of-sale systems can integrate with new devices and software will be certified for PCI compliance.
✅ Talk to a QSA
For detailed questions about hardware expiration, PCI encryption, or repair options, your best bet is a Qualified Security Assessor (QSA) who can help tailor a strategy to your business.
What Happens Next?
- Opening new stores after May 2026? Only PCI PTS 6.x devices will be allowed, so make sure you plan ahead for selecting the new replacement device you will move forward with.
- Existing stores? You’ll need a replacement strategy in place. (See action plan above.)
- Upgrading systems? Make sure integration, testing, and approval for your new systems includes updated payment devices and is completed before April 2026.
Final Thoughts: Don’t Wait Until It’s Too Late
The 2026 PCI PTS 5.x expiration isn’t just a technicality, it’s a business-critical shift. Acting early means staying ahead of compliance challenges and ensuring a seamless, secure experience at checkout.
If you would like to discuss in more detail what it would take to start your journey of updating your payment terminals, or if you need advice in addressing your other business or operational goals, we offer a free one-hour evaluation where we can discuss your goals and the steps we can take to find and implement the right fit for your business.
